Subject: Re: problems with pf
To: None <netbsd-users@netbsd.org>
From: Pavel Cahyna <pavel.cahyna@st.mff.cuni.cz>
List: netbsd-users
Date: 12/26/2005 18:43:25
On Mon, Dec 26, 2005 at 12:29:28PM -0500, George Georgalis wrote:
> Now I'm working out my first BSD bridge, and I seem to have a
> misunderstanding of pf. In this test, all traffic but DNS should
> pass through:
> 
> if_dmz = fpx0
> if_net = fpx1
> pass in  quick on $if_dmz all
> pass out quick on $if_dmz all
> block on $if_net proto { tcp,udp } from any to any port 53
> 
> but the block rule doesn't seem to stop anything... :-\
> What's wrong here?

Do you have options BRIDGE_IPF? And do you use "brconfig bridge0 ipf"?

Pavel Cahyna